Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Kirk Ransomware Help & Support Topic (.KIRK Extension & RANSOM_NOTE.txt)

  • Please log in to reply
No replies to this topic

#1 Grinler


    Lawrence Abrams

  • Admin
  • 43,717 posts
  • Gender:Male
  • Location:USA
  • Local time:08:53 AM

Posted 16 March 2017 - 08:25 PM

Avast malware researcher Jakub Kroustek has discovered the Kirk Ransomware, which encrypts files with AES encryption and then appends the .KIRK extension to the filename. When done encrypting files it will also create a ransom note named RANSOM_NOTE.txt.
If you plan on paying the ransom, you must not delete the PWD file located in the same folder as the executable.This file contains your encrypted decryption key and is required by the ransomware developer to get your keys back.
This ransomware requires payments to be made in Monero rather than bitcoin.
More information can be found here: Star Trek Themed Kirk Ransomware Brings us Monero and a Spock Decryptor!


BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users